
Latest Cybersecurity News

Chrome 126 security updates released this week resolve high-severity vulnerabilities reported by external researchers.

Oracle releases 386 new security patches to resolve roughly 240 unique CVEs as part of its July 2024 Critical Patch Update.

Pharmacy chain Rite Aid says 2.2 million people are impacted by a recent data breach for which the RansomHub group has taken credit.

NATO will establish a new cyber center to better protect against increasingly sophisticated cyber threats.

UnitedHealth booked $1.1 billion in total costs from the cyberattack in the second quarter.

CISA says it has evidence that a recent critical-severity vulnerability in GeoServer is exploited in the wild.

The Void Banshee APT exploited the CVE-2024-38112 Windows zero-day to infect systems with the Atlantida stealer.

A team of former GitHub engineers has secured $20 million in venture capital funding to build AI-powered security tools.

Frank Kim and Charles Blauner are responsible for security at both their own company and for the companies in which their firms invest.

Car dealership AutoNation has informed the SEC that the CDK Global ransomware attack impacted its quarterly earnings.

Hackers exploited a flaw to hijack cryptocurrency domains that were migrated from Google Domains to Squarespace.

People on the Move

Anirban Sengupta has been named the CTO and SVP of Engineering of cloud networking and security firm Aviatrix.

Axonius has named Nick Degnan as its first Chief Revenue Officer and Rob Casselman as its first Chief Customer Officer.

Craig Boundy has left Experian to join McAfee as President and CEO.

Forcepoint has promoted Ryan Windham from Chief Customer and Strategy Officer to Chief Executive Officer.

ICS and OT cybersecurity solutions provider TXOne Networks appointed Stephen Driggers as its new CRO.


Kaspersky is shutting down operations in the US and laying off employees following the recent Commerce Department ban.


The massive AT&T breach has been linked to an American hacker living in Turkey and reports say the telecom giant paid a $370,000 ransom.

Top Cybersecurity Headlines

Google’s parent company Alphabet is reportedly in advanced talks to acquire the hotshot Israeli data security startup.

Data breach exposed records of call and text interactions for nearly all AT&T’s wireless customers and has been linked to the recent attacks targeting Snowflake customers.

Few people understand AI, nor how to use nor control it, nor where it is going. Yet politicians wish to regulate it.


Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]


SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA


SecurityWeek’s annual cloud security virtual summit returns with a deliberate focus on exposed attack surfaces and weaknesses in public cloud infrastructure and APIs.


SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies.


Vulnerabilities

Cybercrime

EMC today announced that it has acquired Virginia-based NetWitness Corporation, a privately-held provider of network security analysis solutions.

A report released this week by the largest association of data center professionals suggests that, with budget constraints and a tough economy, data center operators have been focused on immediate needs and paying less attention to disaster recovery planning and protecting against cyber attacks.

Bank of America announced this week that it has hired Patrick Gorman as chief information security officer. He will be responsible for the bank's information security strategy, policy and program.

Go ahead and click on the Viagra emails you’ve been warned about. Hackers don’t need to appeal to your libido to break into the company computer system. They have other compelling ways. These days they’ve been hanging around inside the network, building up profiles on company employees. By the time they have enough information and let loose their malware, you won’t even know that you were an unwilling accomplice in an advanced persistent threat.

A major milestone for DNSSEC has been reached today, as this morning DNSSEC was officially signed for the .Com TLD. Following several other Top Level Domains already supporting DNSSEC, the added level of security can now be enabled for the more than 90 million .Com names which have been registered according to VeriSign, the operator of .com.

Aggressive initiatives by the makers of popular Web browsers including Google, Microsoft, and Mozilla to improve the security of their Web browsers appear to be paying off. According to the Q3-Q4 Web Application Security Trends Report released today by Web application security firm Cenzic, the big Web browser companies seem to be paying very close attention to security, with many proactively seeking vulnerabilities by offering rewards or “bounties,” and seem to be efficient at fixing vulnerabilities in a timely manner.

Trustwave today announced updates and enhancements to ModSecurity, the open source web application firewall (WAF) engine for Apache, developed and managed by Trustwave's security team. ModSecurity enforces security policies to web transactions, reducing the risk of a web-based attack. As an open source technology, users and developers have been contributing to the community to help maintain the open source project that defends web applications.

Reports Show Significant Drops in Spam Levels Since Rustock Botnet Takedown - But Will Rustock Be Back?

The Rustock Botnet was sending as many as 13.82 Billion spam emails each day before being taken down early this month by an effort headed by Microsoft in cooperation with authorities and the legal system. According to Symantec’s March 2011 MessageLabs Intelligence Report, the Rustock botnet had been responsible for an average of 28.5% of global spam sent from all botnets in March.

eBay announced today that it has agreed to acquire ecommerce and marketing services provider GSI Commerce for $2.4 billion in cash. It’s not a “done deal” yet, however, as under the terms of the merger agreement, GSI Commerce may solicit acquisition proposals from third parties for a 40-day “go-shop” period continuing through May 6, 2011.

NEI, a Canton, Massachusetts provider of solutions for software technology developers and OEMs, today announced that it has been awarded a US Patent for a technology that creates a new type of "digital fingerprint" that accurately validates software updates for physical and virtual servers and cloud-based application platforms. Patent #7900056, filed as "digital data processing methods and apparatus for management of software installation and execution," enables secure and reliable software update distribution.


Application Security

CISA says a SILENTSHIELD red team assessment found gaping holes in the security posture of a federal civilian executive branch organization.